Ever wonder why careful people still get scammed? Often it isn't that they failed to block some later step—it's that they picked the wrong platform and walked through the wrong door from the very start. Fake exchanges, cloned apps, Ponzi schemes—the first task in all of these is to make you "believe you're using a legitimate place." So the highest-value anti-scam effort happens up front: pick the right platform, confirm the official channel. This guide breaks "how to tell if an exchange is legit" into a set of standards you can check off one by one.
- Choosing a platform is the first—and highest-value—anti-scam move: pick the right door and most scams never enter your field of view.
- To judge legitimacy, look at a set of hard signals: major exchange or not, operating history, proof of reserves, regulation/licensing, liquidity, smooth withdrawals.
- Even a legit platform can be entered through the wrong door—a fake site / cloned app—so always verify the official domain and use the official channel.
Why "picking the right platform" is the first anti-scam step
Flip through the cases in our scam field guide and you'll notice that many scams, however varied they look, are rooted at the "platform" layer:
- Cloned phishing sites and cloned apps dress a fake platform up to look real;
- Ponzi schemes and fake high-yield rebates simply build a "platform" that's an empty shell from start to finish—you can deposit in, but you'll never withdraw out;
- Even pig butchering ends with the same move: funneling you into an "insider guaranteed-profit" fake trading platform.
In other words, the decision of "where to trade" often determines whether you'll be scammed earlier than "how to trade" does. Pick the door right—use only well-recognized legit majors, enter and exit only through official channels—and this whole class of scams is largely shut out. That's why we put "how to tell if an exchange is legit" at the very front of anti-scam practice.
The signals to check, one by one
No single signal is decisive on its own, but put these together and a platform's true profile gets clear fast. Take a platform you're considering and tick down the list.
Is it a widely recognized major exchange?
Is it one of the names broadly used and consistently ranked near the top of the industry? A beginner has no reason to gamble on a small platform nobody's heard of; major exchanges sit a level above on security investment and on being watched and scrutinized.
Operating history and reputation
How long has it existed? How many market cycles has it survived? What's its long-term reputation in independent communities and on third-party data sites? Look at long-term, scattered reviews, not the handful of glowing testimonials it posts on its own page.
Does it publish proof of reserves (PoR)?
Proof of Reserves is a public disclosure a platform uses to show "I hold users' funds and haven't misappropriated them." Whether it publishes regularly, and whether you can verify it, is an important measure of transparency.
Regulation and licensing
Does it hold relevant licenses and accept oversight in major jurisdictions? In the US, that includes registration as a FinCEN money services business and state money-transmitter licenses. Compliance is no magic amulet, but a platform operating entirely outside any oversight, whose very legal entity is unclear, is plainly higher-risk.
Real liquidity and order-book depth
Are the order books for major coins deep enough, are spreads tight, can you fill reliably? Fly-by-night platforms often have thin books, or prices "painted" by the back end that can't survive real trading.
Smooth, string-free withdrawals
This is the signal that smokes out the monsters: a legit platform lets you take your money out smoothly. Anything that, at withdrawal time, throws up "pay a tax first," "post a deposit first," or "fund the account to lift a risk hold" is almost always the tail end of a scam. Whether you can withdraw cleanly matters a hundred times more than whether you can deposit cleanly.
Is the official domain and app source the only trusted one?
Even if the platform itself is legit, you still have to confirm you're on its official domain and installed an app from the official app store or the official site's download page. We give this its own detailed treatment below, because it's the most common entry point for scams.
Do support and announcements go through official channels?
A legit platform's support runs through in-app tickets and its announcements through the official site and official accounts—it won't DM you out of the blue. Any "support" or "account manager" who opens with a DM is a suspicious signal.
Automatic disqualifiers: see these signals, pass immediately
- Promises of fixed daily returns, principal-protected high interest, guaranteed profit—a legit exchange makes no such promise.
- Rewards built on recruiting and building downline, with an obvious pyramid / Ponzi structure.
- A pay-to-withdraw gate at cash-out ("pay a tax / deposit / unlock fee" before you can take money out).
- Accessible only via a DM'd link or a QR code in a group, with no stable official domain you can find.
Legit major vs. fly-by-night platform: clearer side by side
Set the two types next to each other and the difference jumps out:
✓ A legit major usually looks like this
- Years of operation, broadly used, scattered and verifiable reputation
- Publishes proof of reserves regularly, discloses proactively
- Has clear compliance and licensing information
- Deep books on major coins, tight spreads, reliable fills
- Smooth withdrawals, no strange gates
- A single official domain, verifiable in official announcements
- Support via in-app tickets, announcements via official channels
⚠ A fly-by-night / fake platform often looks like this
- Never heard of it, no traceable history, or heavily promoted right after launch
- No verifiable proof of reserves
- Vague or nonexistent entity and regulatory information
- Thin books, prices that look "painted" by the back end
- Instant deposits, withdrawals gated at every turn
- Domains that change often, spread via DMs / QR codes
- "Support" that DMs you first and rushes you to act
One especially useful rule of thumb: don't be won over by "how smooth depositing is"—test "how smooth withdrawing is." Scam platforms are masters at letting you put money in; the real test always comes the moment you try to take it out.
Official domain-check table
Picking a legit major is only half the job; the other half is confirming you're on its official domain and not an identical-looking phishing site. Below are the widely known official domains of several major exchanges, for cross-checking reference:
| Exchange | Official domain | Note |
|---|---|---|
| OKX | okx.com | One of the mainstream majors; suffix is .com |
| Binance | binance.com | One of the mainstream majors; suffix is .com |
| Coinbase | coinbase.com | One of the mainstream majors; suffix is .com |
| Kraken | kraken.com | One of the mainstream majors; suffix is .com |
Note: this table lists only the main domains of major exchanges we can confirm, for cross-checking reference; domains are governed by each exchange's official announcements, and a platform may adjust its access domain. When unsure, re-verify with our domain checker—don't treat this table as the sole source of truth, and don't infer anything about platforms not listed here.
A padlock (HTTPS) does not mean it's the official site
The padlock in the address bar only means the connection is encrypted; it does not mean the site is real—scammers can put HTTPS on a phishing clone too. To judge official from fake, what you look at is always whether the full domain matches character for character, not whether there's a padlock.
How to check an official domain yourself
The handful of domains in that table are just a starting point; the real habit is making "check it every time you enter" automatic. Here's how:
- Check the full domain character by character: stare at the address bar. Is the main domain (the name immediately before the suffix, such as okx in okx.com) right, is the suffix right, and are there extra words (official/login/vip/bonus) or near-miss spellings (an o swapped for a 0)?
- Don't click links others send: whether it's "support," a "mentor," or a search ad, don't enter via their link—use your own saved bookmark or type the official domain by hand.
- Bookmark it once you've confirmed: the instant it checks out, add it to your browser bookmarks; from then on enter only from the bookmark, no longer relying on search and links.
- Install apps only from official sources: on mobile, get apps only from the Apple App Store / Google Play or the exchange's official download page—never install a package someone sent.
- Use the checker when unsure: open the domain checker, paste in the domain you're seeing, and rule out the most common fakes in a few seconds.
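The character-by-character check above can also be expressed as code. The following is an added example, not this site's domain checker: the function names, the digit-swap list and the single-label-suffix shortcut are assumptions made for illustration, and the allowlist is the four domains from the table above.

```python
from urllib.parse import urlsplit

# Official domains copied from the table on this page.
OFFICIAL = {"okx.com", "binance.com", "coinbase.com", "kraken.com"}
# Digit-for-letter swaps to undo before comparing (constructed list, not exhaustive).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable(host):
    # Assumption: single-label suffixes (.com, .net); a real tool would
    # consult the Public Suffix List to handle suffixes like .co.uk.
    return ".".join(host.split(".")[-2:])


def check_url(url):
    """Return (verdict, reason). The scheme is ignored on purpose: HTTPS says
    nothing about whether the hostname is the official one."""
    if "//" not in url:
        url = "//" + url  # let urlsplit treat a bare hostname as the netloc
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown", "no hostname found"
    if not host.isascii() or "xn--" in host:
        return "suspicious", "non-ASCII or punycode hostname (possible homoglyph)"
    reg = registrable(host)
    if reg in OFFICIAL:
        return "official", reg
    name, _, suffix = reg.partition(".")
    plain = name.translate(CONFUSABLE)
    for good in sorted(OFFICIAL):
        brand = good.split(".")[0]
        if f".{good}." in f".{host}":
            return "suspicious", f"{good} appears only as a subdomain of {reg}"
        if name == brand:
            return "suspicious", f"wrong suffix .{suffix} for {good}"
        if plain == brand:
            return "suspicious", f"look-alike spelling of {good}"
        if brand in plain:
            return "suspicious", f"extra characters around '{brand}' (heuristic)"
    return "unlisted", "not in the table; nothing can be inferred"


if __name__ == "__main__":
    # Constructed sample inputs.
    for s in ["http://www.okx.com/account", "https://0kx.com",
              "https://okx.com.secure-login.net/", "okx-login.com"]:
        print(s, check_url(s))
```

An "unlisted" verdict is deliberately neutral, matching the note under the table that nothing should be inferred about platforms it does not list.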
To train this judgment more systematically, read cloned phishing sites and fake exchanges and cloned apps back to back—they break down how fake sites and fake apps clone, and how to see through them, complementing this piece perfectly: one teaches you to pick the right door, the other two teach you to spot the fake ones.
Common questions
How do I quickly judge whether an exchange is trustworthy?
First, is it a widely recognized major exchange with years of operating history and broad, scattered word-of-mouth? Then look at whether it publishes proof of reserves, whether it's regulated/licensed, the depth of its order books, and whether withdrawals are smooth and string-free. Most important: verify the official domain and the app's source—no amount of good reviews helps if you walked in through a stranger's link onto a lookalike fake site. Automatic disqualifiers: promises of principal-protected high yield, reward-for-recruiting structures, and a fee you must pay before you can withdraw—see any of these and pass.
Can I trust a platform promising high yields, guaranteed and principal-protected?
No. A legit exchange is just a venue that matches trades; market risk is yours, and it won't promise a fixed daily return, principal-protected high interest, or an "insider guaranteed-profit channel." Anything using high fixed returns to draw you into depositing, locking up funds, or recruiting downline is, at heart, usually a Ponzi or pyramid scheme—a different animal from a real exchange. Cross-check against our breakdown of fake high-yield rebates and Ponzi schemes.
How do I confirm I'm on the official website?
Check the entire domain in the address bar character by character: is the main domain right, is the suffix right, are there extra words or near-miss spellings? Don't click links others send—use your own saved bookmark or type it by hand; when unsure, run it through a domain checker, and treat each exchange's official announcements as the source of truth for its domain. Note that an HTTPS padlock does not mean it's the official site—a phishing clone can have a padlock too.
Is OKX a legit exchange? What's its official domain?
OKX is one of today's mainstream large crypto exchanges, and its official domain is okx.com. But keep two things straight—"legit" and "getting scammed" are different questions. Even with a major exchange, if you enter through a lookalike fake site or a cloned app, you'll still get hit. So confirming the official domain and going through the official channel to sign up and download matters more for your safety than agonizing over the platform itself.
Pick the right door, and most scams can't get in
If you're going to start trading, the steadiest approach is plain: prefer a reputable major exchange, sign up through the official channel, then bookmark the official domain and only enter and exit from the bookmark. OKX is one of the mainstream exchanges; its official domain is okx.com, and you can sign up through the official channel below—remember to confirm the domain with the checker before you act.
Read on
- Cloned phishing sites and fake exchanges—the platform is real, the door is fake; see how it clones and how to break it.
- Cloned apps (fake OKX / fake Binance)—after picking the right exchange, don't install the wrong app at download.
- Domain checker—when unsure, paste the domain in and rule out common fakes in seconds.